Release: molecularShell mod by Smoke. Access to all partitions. More to come?

Team molecule’s molecularShell intentionally hides some of the most “critical” partitions and folder of the PS Vita. Scene veteran Smoke has released a mod of molecularShell that bypasses some of the limitations.

molecularShell is the default user interface included with Henkaku, the PS Vita 3.60 hack. MolecularShell only shows the user 3 main partitions/folder on the PS Vita: app0, ur0, ux0. There are many more partitions you could in theory access on the PS Vita. According to VitaDevWiki:

os0 found on the NAND is where the “main” OS (aka CoreOS) files are including all the kernel libraries and the most important user libraries. There’s always two copies of this for redundancy and updating will only update the inactive partition and the active flag is swapped.

sa0 found on the NAND is the “bulky” data like fonts and handwriting information. Why is it a separate partition? Because it makes update files smaller. Your “systemdata” PUP provides the update for this partition.

vs0 found on the NAND is the rest of the OS including all the system apps, the main shell, and the remaining user libraries

vd0 found on the NAND is mainly used for the system registry (settings)

ud0 found on the NAND is used for updates. When you update the Vita, the update file is copied here and the system reboots.

pd0 found on the NAND is where Welcome Park (and the intro video) are found. It is also the “preinst” PUP update.

ur0 found on the NAND is the remaining user data that is structured similarly to the memory card (it shares almost the same directory structure). App icon layout for example is found here.

ux0 is the memory card

gro0 is the game card

grw0 is the writable part of the game card if supported

tm0

molecularShell is only hiding access to these files. Practically you can access them (in read only mode) by directly entering the name of the partition in your FTP client of choice. Note that the “read only” limitation is also a limitation of molecularShell, and could be easily be bypassed by modifying it to read/write in the molecularShell codebase Correction: the limitation is a PS Vita limitation that might be bypassed as people have hinted. This is not a limitation added by molecularShell or the Henkaku exploit. However a new mod might come out soon which would enable full access on these partitions.

Image from @Atreyu187

Note that the intentions of team molecule here are unclear to me. I am not sure if this is an attempt at protecting the users from themselves (some of these partitions hold critical data for your PS vita, and modifying/erasing files in there could permanently brick your PS Vita), or if it is part of their announced plan to not enable piracy on the device.

For example, gro0 is where the vita game card is accessed. Users have already confirmed that one can dump a vita cartridge from their FTP client simply by copying the contents of that partition when a game card is inserted. Of course, such a cartridge Dump is most likely useless as the content is encrypted, but it raises the question as to why team molecule did not give access from the shell directly.

@SMOKE587 no need. Just type the right partition in FTP and it works. Undocumented feature for advanced users.

Note to anyone you can enable full read and write access by simply editing the files.c in the source code of MolecularShell (VitaShell fork) and then compile to have full access. And carts can be dumped for cart sharing by simply opening PC FTP client then downloading gro0:/ directory but you will have to manually input the location into FTP client as it is not enabled in this build but again can be added by simply editing the files.c then compiling it. Or by using this URL in FTP client to access without modifying the code.

Works for tm0:/ for registry edits, quick swap of PSN accounts or even merging content from multiple accounts. Active and banned work provided you still have the act.dat and needed rif/rap files as well as registry files.

sa0, pd0 well basically all directories can be called upon manually for the file system, game carts and memory internal and external.

Access to all partitions of the PS Vita would let more people dive into the internals of the operating system, looking for more vulnerabilities and customizations. Arguably, the people with the skills to do that also have the skills to look into the HENkaku exploit and figure out how to bypass molecularShell’s limitations.

24 Responses

if the Game Cards are worthless unless encrypted, it would be interesting to see if there is a way to encrypt them again after they are dumped and then users could do like the Wii U where they extract the file, use a Title Key to copy it over to the real hardware. So if you ripped your own game (or borrowed one….or downloaded one…), got a title key then copied it to your personal devices memory card, allow you to play the game. However, would the Vita piracy scene even be that big? I doubt it b/c you will still have to buy those insanely overpriced memory cards….i’m shocked no one has made some sort of mod to use MicroSD cards on the Vita. I know the PSP had a MicroSD Memory Stick adapter, but they were a lot bigger. I wouldn’t mind using an adapter with a cable that came out the bottom of the Vita and you put a MicroSD card into it. Or maybe even make a modified Vita cartridge where you can put a MicroSD card into it like with the 3DS

That’s exactly what I was thinking theoretically speaking it can be done because of that example the DS hacks had a flash xard, PSP had magic memory sticks, I wouldn’t doubt rather I’d say it’s a matter of time because it may be done if someone could takes interest in it to develop a Vita game card we adapter.

My best guess would be a two part adapter taking the form of a game cart sized adapter with a microSD slot and a read-only Vita memory card with an exploit. You put both parts in and the fake Vita memory card just acts as a redirect to the microSD card which is partitioned etc exactly like a Vita memory card itself.

Total uneducated case but knowing how annoying the Vita security level is, wouldn’t be surprised. Still way better than the Blackfin…

Man this *** progressing super fast! i can’t wait for a kernel exploit, so I can test the lousy games, which i shouldn’t have bought (ex: call of duty), before actually buying it, and then buy the original ones like i want to test kill zone mercenary, which i hope it doesn’t turn out like call of duty (again which sucked ***) 🙁

Release piracy man, but put on a time limitation like downloaded (pirated) games would only work for 1 hour max then you have to buy the game or delete it permanently 😀

Basically as said if you read this part of this article “Note to anyone you can enable full read and write access by simply editing the files.c in the source code of MolecularShell (VitaShell fork) and then compile to have full access. And carts can be dumped for cart sharing by simply opening PC FTP client then downloading gro0:/ directory but you will have to manually input the location into FTP client as it is not enabled in this build but again can be added by simply editing the files.c then compiling it. Or by using this URL in FTP client to access without modifying the code.”

And at the end of the sentence ” Or by using this URL in FTP client to access without modifying the code.” You dont rly need the mod since you can just access it even though the folder are hidden when FTP. Just type the url as shown in the highlight area in the filezilla picture. example – /gro0: , /tm0: , /pd0: etc so on

Thanks for this article Wololo , I think that they just don’t want to see ” HELP ME I’VE BRICKED MY VITA , PLEASSSSSE ! ” Btw , I want to thank all people who made this possible, it’s really cool to see more progress on my favourite device, and @Smoke nice job man , do yo think that this could lead to a real vita cfw or something like this on the futur ?

Obviously I’m not Smoke lol however i personally think that this absolutely has very much potential to turn things around for the vita. A full-fledged cfw is relatively still far away probably but this exploit probably is gonna make it a lot easier.

if u use molecularShell to ftp it doesnt work. You got to use FTPVita to get the mod.

Or

You dont rly need the mod since you can just access it even though the folder are hidden when FTP. Just type the url as shown in the highlight area in the filezilla picture. example – /gro0: , /tm0: , /pd0: etc so on

[…] simple but very useful tools for the Vita scene in its early days, such as Memcardswap, and a mod of MolecularShell to access all partitions (something that VitaShell now does out of the box). Before his days as a […]

Archives

Disclaimer: Wololo.net is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com